Don’t Believe the Hype: 'Operation Shady RAT' Is Nothing New

Digital security giant McAfee made headlines around the world
today (Aug. 3) with the release of a report disclosing a massive
cyberattack, dubbed "Operation Shady RAT," against dozens of
corporations, organizations and governments around the world.

"I divide the entire set of Fortune Global 2000 firms into two
categories," writes Dmitri Alperovitch, the author of the McAfee report, "those that know
they’ve been compromised and those that don’t yet know."

Stealthy, persistent, state-sponsored skilled hackers — what
professionals call
an "advanced persistent threat" — have been snooping around
in the networks of large organizations for years. Security
professionals and regular readers of technology publications are
well aware of the problem.

McAfee's report has simply collected more data on an old
phenomenon and given it a catchy new name. Mainstream media
organizations have eaten it up.

The fact is that
in just the past six months, we've seen "Shady RAT"-style
operations attempt — and often succeed — to steal data from the
defense contractors Lockheed Martin and Northrop Grumman, the
security-device maker RSA, the treasuries of Britain and France,
the International Monetary Fund, the Canadian defense ministry,
the European Commission and the European Parliament, the
Australian parliament, the banking giant Citigroup, and the
Department of Energy's Oak Ridge National Lab.

In almost every case, the methods are the same:
"Spear phishing" emails carrying "backdoor Trojans" embedded
in attachments are directed at a few high-ranking or well-placed
individuals within an organization.

It takes only one of those individuals to open one of those
attachments, which might be disguised as a spreadsheet or a
report, for the intruders to gain access to the organization's
internal network.

(The "RAT" in "Shady RAT" stands for "remote access tool,"
another name for the malware that grants intruders access to
protected networks.)

Command and control

What McAfee has done is greatly expand the list of known affected
organizations. It got hold of a command-and-control server used
in some of these attacks and found evidence that no fewer than 72
more organizations worldwide were targeted, including the
International Olympic Committee and the United Nations.

In most cases, McAfee does not name the organizations, but
instead lists them by country and category.

Western countries affected included the United States (which
accounted for two-thirds of the targets), Canada, Britain,
Germany, Denmark and Switzerland.

But most telling is the Asian countries and regions that were
targeted: Taiwan, Hong Kong, South Korea, Japan, India,
Indonesia, Singapore and Vietnam.

Look at a map and you'll see that all those countries are arrayed
like satellites around a central hub: China. Yet no targets were
identified in the People's Republic, the world's second-largest
economy. And all the nations that were targeted have relations
with China that are delicate at best.

Few companies that have been targeted
have publicly blamed China, with Google the exception. And
major security firms — McAfee is now owned by Intel — are equally
reluctant to admit the obvious, perhaps for fear of alienating
Chinese customers.

That hasn't stopped some security specialists from speaking what
they believe is the truth.

"All the signs point to China," James A. Lewis, of the
Washington, D.C.-based Center for Strategic and International
Studies, told Vanity Fair. "Who else spies on Taiwan?"